pp-nylas
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill's operations are consistent with its documented purpose of providing an enhanced interface for the Nylas API.
- [EXTERNAL_DOWNLOADS]: The skill installs the
nylas-pp-clitool vianpxfrom the@mvanhorn/printing-presspackage. This resource originates from the verified namespace of the skill's author. - [COMMAND_EXECUTION]: Executes subcommands of
nylas-pp-clito sync, search, and manage email and calendar data. Destructive actions are protected by mandatory confirmation or a--dry-runcapability for payload review. - [PROMPT_INJECTION]: The skill processes external content (emails and events), creating an indirect prompt injection surface. This risk is managed through several mechanisms:
- Ingestion points: Data entering the context via
sync,search, andsincecommands inSKILL.md. - Boundary markers: The
--agentflag enforces machine-readable output formats, reducing unintended instruction following. - Capability inventory: Command execution via
nylas-pp-cliand network delivery options. - Sanitization: Idempotency flags, dry-run previews, and read-only SQL modes provide layers of protection against malicious inputs.
Audit Metadata